Description
Overview:
The vendor neutral Certified Information Systems Risk Manager certification is designed for IT and IS professionals who are involved with risk identification, assessment& evaluation, risk response, risk monitoring, IS control design & implementation as well as IS control monitoring & maintenance. The Certified Information Systems Risk Manager training will enable professionals to elevate their understanding in identifying and evaluating entity-specific risk but also aid them in assessing risks associated to enterprise business objectives by equipping the practitioner to design, implement, monitor and maintain risk-based, efficient and effective IS controls. The Certified Information Systems Risk Manager covers 5 critical subjects; Risk Identification Assessment and Evaluation, Risk Response, Risk Monitoring, IS Control Design and Implementation and IS Control Monitoring & Maintenance.
Prerequisite(s):
A minimum of 1 year of Information Systems
Audience:
- Information System Security Officers
- Risk Managers
- Information Systems Owners
- Info Security Control Assessors
- System Managers
- State & Local Government Risk Managers
Outline:
The Big Picture
- About the C)ISRM Exam
- Exam Relevance
- About the C)ISRM Exam
- Section Overview
- Part 1 Learning Objectives
- Section Topics
- Overview of Risk Management
- Risk
- Risk and Opportunity Management
- Responsibility vs. Accountability
- Risk Management
- Roles and Responsibilities
- Relevance of Risk Management Frameworks, Standards and Practices
- Frameworks
- Standards
- Practices
- Relevance of Risk Governance
- Overview of Risk Governance
- Objectives of Risk Governance
- Foundation of Risk Governance
- Risk Appetite and Risk Tolerance
- Risk Awareness and Communication
- Key Concepts of
- Risk Governance
- Risk Culture
- Case Study
- Practice Question 1
- Practice Question 2
- Practice Question 3
- Practice Question 4
- Practice Question 5
- Acronym Review
- Definition Review
Domain 1 Risk Identification Assessment and Evaluation
- Section Overview
- Exam Relevance
- Domain 1 Learning Objectives
- Task Statements
- Knowledge Statements
- The Process
- Describing the Business Impact of IT Risk
- IT Risk in the Risk Hierarchy
- IT Risk Categories
- High Level Process Phases
- Risk Scenarios
- Definition of Risk Scenario
- Purpose of Risk Scenarios
- Event Types
- Risk Scenario Development
- Risk Registry & Risk Profile
- Risk Scenario Development
- Risk Scenario Components
- Risk Scenario Development
- Risk Scenario Development Enablers
- Systemic, Contagious or Obscure Risk
- Generic IT Risk Scenarios
- Definition of Risk Factor
- Examples of Risk Factors
- Risk Factors— External Environment
- Risk Factors— Risk Management Capability
- Risk Factors— IT Capability
- Risk Factors— IT Related Business Capabilities
- Methods for Analyzing IT Risk
- Likelihood and Impact
- Risk Analysis Output
- Risk Analysis Methods
- Risk Analysis Methods—Quantitative
- Risk Analysis Methods—Qualitative
- Risk Analysis Methods—for HIGH impact risk types
- Risk Analysis Methods
- Risk Analysis Methods—Business Impact Analysis (BIA)
- Methods for Assessing IT Risk
- Identifying and Assessing IT Risk
- Definitions
- Adverse Impact of Risk Event
- Business Impacts From IT Risk
- Business Related IT Risk Types
- IT Project-Related Risk
- Risk Components—Inherent Risk
- Risk Components—Residual Risk
- Risk Components—Control Risk
- Risk Components—Detection Risk
- Business Risk and Threats
- Addressed By IT Resources
- Identifying and Assessing IT Risk
- Methods For Describing
- IT Risk In Business Terms
- Case Study
- Acronym Review
- Definition Review
- Domain 1 – Exercises
Part II Domain 2 – Risk Response
- Section Overview
- Exam Relevance
- Domain 2 Learning Objectives
- Task Statements
- Knowledge Statements
- Risk Response Objectives
- The Risk Response Process
- Risk Response Options
- Risk Response Parameters
- Risk Tolerance and Risk Response Options
- Risk Response Prioritization Options
- Risk Mitigation Control Types
- Risk Response Prioritization Factors
- Risk Response Tracking, Integration and Implementation
- Process Phases
- Phase 1—Articulate Risk
- Phase 2—Manage Risk
- Phase 3—React To Risk Events
- Sample Case Study
- Domain 2 – Exercise 1
Part II – Domain 3 – Risk Monitoring
- Course Agenda
- Exam Relevance
- Learning Objectives
- Task Statements
- Knowledge Statements
- Essentials
- Risk Indicators
- Risk Indicator Selection Criteria
- Key Risk Indicators
- Risk Monitoring
- Risk Indicator Types and Parameters
- Risk Indicator Considerations
- Criteria for KRI Selection
- Benefits of Selecting Right KRIs
- Disadvantages of Wrong KRIs
- Changing KRIs
- Gathering KRI Data
- Steps to Data Gathering
- Gathering Requirements
- Data Access
- Data Preparation
- Data Validating Considerations
- Data Analysis
- Reporting and Corrective Actions
- Optimizing KRIs
- Use of Maturity Level Assessment
- Assessing Risk Maturity Levels
- Risk Management Capability Maturity Levels
- Changing Threat Levels
- Monitoring Changes in Threat Levels
- Measuring Changes in Threat Levels
- Responding to Changes in Threat Levels
- Threat Level Review
- Changes in Asset Value
- Maintain Asset Inventory
- Risk Reporting
- Reporting Content
- Effective Reports
- Report Recommendations
- Possible Risk Report Recipients
- Periodic Reporting
- Reporting Topics
- Risk Reporting Techniques
- Sample Case Study
- Practice Question 1
- Practice Question 2
- Practice Question 3
- Practice Question 4
- Acronym Review
- Definition Review
- Domain 3 – Exercises
Part II Domain 4 – IS Control Design and Implementation/h3>
- Section Overview
- Exam Relevance
- Domain 4 Learning Objectives
- Task Statements
- Knowledge Statements
- C)ISRM Involvement
- Control Definition
- Control Categories
- Control Types and Effects
- Control Methods
- Control Design Considerations
- Control Strength
- Control Strength
- Control Costs and Benefits
- Potential Loss Measures
- Total Cost of Ownership For Controls
- Role of the C)ISRM in SDLC
- The SDLC Process
- Outcomes of the Feasibility Study
- Task 1—Define Requirement
- Requirement Progression
- Business Information Requirements (COBIT)
- Requirements Success Factors
- Task 3—Acquire Software “Options”
- Software Selection Criteria
- Software Acquisition
- Software Acquisition Process
- Leading Principles for Design and Implementation
- C)ISRM Responsibilities
- Key System Design Activities:
- Steps to Perform Phase 2
- Phase 2 – Project Design and Development
- System Testing
- Test Plans
- Project Testing
- Types of Tests
- UAT Requirements
- Certification and Accreditation
- Project Status Reports
- Phase 3 – Project Testing
- Testing Techniques
- Verification and Validation
- Phase 4 – Project Implementation
- Project Implementation
- The Systems
- Development Life Cycle (SDLC)
- ‘Meets and Continues to Meet’
- SDLC
- SDLC Phases
- Addressing Risk Within the SDLC
- Business Risk versus Project Risk
- Understanding Project Risk
- Addressing Business Risk
- Understanding Business and Risk Requirements
- Understand Business Risk
- High Level SDLC Phases
- Project Initiation
- Phase 1 – Project Initiation
- Phase 1 Tasks
- Task 1—Feasibility Study
- Feasibility Study Components
- Determining Feasibility
- Implementation Phases
- Phase 4 – Project Implementation
- End User Training Plans & Techniques
- Training Strategy
- Data Migration/Conversion Considerations
- Risks During Data Migration
- Data Conversion Steps
- Implementation Rollback
- Data Conversion Project Key Considerations
- Changeover Techniques
- Post-Implementation Review
- Performing Post-Implementation Review
- Measurements of Critical Success Factors
- Closing a Project
- Project Management and Controlling
- Project Management Tools and Techniques
- Project Management Elements
- Project Management Practices
- PERT chart and critical path
- PERT Attribute
- Sample Case Study
- Practice Question 1
- Practice Question 2
- Practice Question 3
- Practice Question 4
- Practice Question 5
Reviews
There are no reviews yet.